Описание
The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5.
Ссылки
- Release NotesVendor Advisory
- Third Party Advisory
- Release NotesVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.7.5 (включая)
cpe:2.3:a:radykal:fancy_product_designer:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 30%
0.0011
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
почти 4 года назад
The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5.
EPSS
Процентиль: 30%
0.0011
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
CWE-352